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Abstract. We present an extension of an algorithm for computing di- 
rectly the denotation of a modal /i-calculus formula \ over the configu- 
ration graph of a pushdown system to allow backwards modalities. Our 
method gives the first extension of the saturation technique to the full 
modal /i-calculus with backwards modalities. 



1 Introduction 



Recently we introduced a saturation method for directly computing the denota- 
tion of a modal /i-calculus formula over the configuration graph of a pushdown 
system [2] . Here we show how this algorithm can be extended to allow backwards 
modalities. This article is intended as a companion to our previous work, and as 
such, does not repeat many of the details. 



2 Preliminaries 



Since we extend our definition of modal /i-calculus, we give the full details here. 
The reader is directed to our previous work for the remaining preliminaries [2]. 

Given a set of propositions AP and a disjoint set of variables Z, formulas of 
the modal /(-calculus are defined as follows (with x € AP and ZeZ): 



if := x | —>x | Z | ip A ip | ip V f | Oip | ()(p | [iZ.ip | vZ.ip . 



Thus we assume that the formulas are in positive form, in the sense that negation 
is only applied to atomic propositions. Over a pushdown system, the semantics of 
a formula <p are given with respect to a valuation V : Z — \ V(C) which maps each 
free variable to its set of satisfying configurations and an environment p : AP — > 
V{C) mapping each atomic proposition to its set of satisfying configurations. We 
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where F[Z 4 S] updates the valuation V to map the variable Z to the set 5. 

The operators Dip and <0><^ assert that ip holds after all possible transitions and 
after some transition respectively; □ and are their backwards time counter- 
parts; and the fx and v operators specify greatest and least fixed points. Another 
interpretation of these operators is given below. For a full discussion of the modal 
/x-calculus we refer the reader to a survey by Bradfield and Stirling [T]. 



3 The Algorithm 

Without loss of generality, assume all pushdown commands arc pa — > p' e, pa — > 
p' b, or pa — > p' bb'. 

The extensions to our earlier work [2] are given in Procedures Q] and [5J We 
refer the reader to the original article for a description of the notations used. 

For a control state p and characters a, b, let Pop(p) = { (p',a') | p' a' -^pe }, 
and Rew(p, a) = { (p' , a') \ p' a' — )• pb }, Push(p,a,b) — { (p' ,a') \ p' a' — > pah }, 
and together Pre(p, a, b) — Pop(p) U Rew(p, a) U Push(p, a, b). 

4 Termination 

The new procedures defined here add extra cases to the termination proof [2]. 
We show these cases here and refer the reader to the original article for an 
explanation of the notation and concepts. 

Lemma 1 (Termination). The algorithm satisfies the following properties. 

1. Each subroutine introduces a fixed set of new states, independent of the au- 
tomaton A given as input (but may depend on the other parameters) . Tran- 
sitions are only added to these new states. 

2. For two input automata Ai and A2 ( giving valuations of the same environ- 
ments) such that A\ < A2, then the returned automata A^ and A' 2 , respec- 
tively, satisfy A[ ^ A' 2 . 

3. The algorithm terminates. 
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Procedure 1 BackBox{A,ipi,c,] 



(( Qi , S, Ai , Ji) , h ) = Dispatch(A, <pi,c,P) 
A' = (Qi U / U Qi„t, X 1 , Z\i U Z\', 
where J = { (p, D^i , c) | p G T 5 } 
and Q int = { (p, Opi, c, a) \ p eP Aa e S } 
and Zi' = 



((p,D^i,c),o,Q) 



Q = { (p, D^i , c, a) } U Qp 0p U Q re „ A 
Pop(p) = {{p u ai), . . . , (p„, a„)} A 
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{ ({p,api,c),±,{q e f }) \Va.Pre(p,±,a) = t> }u 
{ ({p,api,c,a),b,{q*}) | Push(p ,a,b) = }u 
{ ((p,Dv5i,c,a),±,{gJ}) | Pus/i(p, a, _L) = } 
return {A', I) 



Procedure 2 BackDiamond{A,ipi,c, 



((Qi,Z!,Ai,-,Fi),Ii) = Dispatch{A,ipi,c, 
A' = (Qi U/U Q mt ,r,Z\! UZ\',_, Fi) 
where / = { (p, O^i , c) \ p eP } 
and Q int = { (p, Opi, c, a) pePAoeX } 
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Proof. The first of these conditions is trivially satisfied by all constructions, 
hence we omit the proofs. Similarly, termination is trivial. The second and third 
conditions will be shown by mutual induction over the recursion (structure of 
the formula). The new cases follow. 

Case BackBox(A, ipi,c,P) and BackDiamond(A,<p\,c,F): 

It can be observed that all new transitions in A are derived from transitions 
I(p') — > Q (or are independent of A and A'). Since A ^ A' it follows that all 

A 

transitions have a counterpart I(p') — > Q' with Q' <c Q. Hence the property 

A' 

follows in a similar manner to the previous cases. 
4.1 Complexity 

The new procedures change the complexity of the algorithm slightly, although 
the algorithm remains in EXPTIME. In particular, the algorithm is now expo- 
nential in the number of control states, the size of the stack alphabet and the size 
of the formula. Let m be the nesting depth of the fixed points of the formula and 
n be the number of states in Ay - We introduce at most k = O (\V\ ■ \x\ • m ■ 
states to the automaton. Hence, there are at most O (n + k) states in the au- 
tomaton during any stage of the algorithm. The fixed point computations iterate 
up to an O (2 c, (™ +fe )) number of times. Each iteration has a recursive call, which 
takes up to O (2°(™+ fe )) time. Hence the algorithm is O (2°(™+ fe )) overall. 

5 Correctness 

We extend the proofs of correctness. We refer the reader to our previous work 
for the full details 0. 

Definition 1 (Correctness Conditions). The correctness conditions are as 
follows. Let A be the input automaton, ip be the input formul^, c be the input 
level and A' be the result. 

1. We only introduce level c states. 

2. If A is V -sound, A' is V^-sound. 

3. If A is V -complete, A' is V^-complete. 

The first condition is obvious. The remaining conditions are shown by induc- 
tion and require the addition of proof cases for the new procedures. 

Lemma 2 (Valuation Soundness). The algorithm is V -sound. 
1 For cases such as And(A, (pi,ip2, c, P) we take, as appropriate tp — (pi A (p2- 
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Proof. Case BackBox(A, <p>i,c, P): 



We assume that A is valuation sound with respect to some valuation V. By 
induction the result A\ of the recursive call is valuation sound with respect to 
V° . We show that A' is valuation sound with respect to . 

We observe that no (p 1 , Dipi,c) are reachable from a state (p, Dip, c, a), hence 
we show soundness for the latter states first. 

The first case is for some b with Push(p, a, b) — 0. In this case, the valuation 
of (p, Dip, c, a) contains all words of the form bw. Hence soundness is immediately 
satisfied. 

Otherwise, Push(p, a, b) = {(pi, ai), . . . , {p n , a n )} such that for all 1 < j < n, 
a,iw) (p, abw). Take a new transition ((p, Dipi, c, a), &, Q) derived from the 
runs h(pj) — ^ <2j for all 1 < j < n, with Q = QiUQ„. Suppose for some w,w E 

A\ 

(q) for all q E Q. By valuation soundness of Ai we know ajw E {h{Pj)) 

and hence, since all transitions to (p, abw) are from configurations satisfying ipi, 
we have bw E (p, Dipi, c, a) as required. 

The remaining states are of the form (p, Dipi,c). We first deal with the case 
when for all b we have Pre(p, a, b) = 0. In this case, the valuation of Q^i contains 
all words of the form aw for some w. Hence, all added transitions are trivially 
sound. 

Otherwise, take a new transition ((p,Dipi,c),a,Q) derived from some b, 
the value of Pop(p) = {{pi, a\), . . . , (p n , a n )} and for all 1 < j < n, the 

runs I^p,) ^ Q' Qf p , with Q pop = Q\° v U QP op , and the value of 

Ai J Ai J 

Rew(p, =) Up[, a[), . . . , (p' a' ,)} and for all 1 < j < n', the runs ii(p' ) — ^ 

J A! 

QY W , with Q rew = Q\ ew U Q r n ew . Finally, Q = { (p, Dipi , c, a, 6)} U Q pop U Q rew . 

Suppose for some w, w E (q) for all q E Q pop - By valuation soundness 
of A\ we know ajaw E V^^ (Ii(Pj)) and hence all pop transitions leading to 
(p, aw) are from configurations satisfying ipi . 

Now suppose for some aw, aw E (q) for all q E Qrew By valuation 
soundness of A\ we know ajw E (h(Pj)) and hence all rewrite transitions 
leading to (p, aw) are from configurations satisfying <p\. 

Finally, consider some bw in the valuation of (p, Dipi, c, a). From the sound- 
ness of this state, shown above, we have that all push transitions leading to 
{p, abw) are from configurations satisfying ipi . 

Putting the three cases together, we have for all abw E (p,Dipi,c) as 
required. 

The above cases do not cover the case _Le (p, □</?!, c). However, since 
no push transition can reach this stack, we just require the first two cases and 
that (p, □</?!, c, _L) = qj. 
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Case BackDiamond(A,<fii,c,F): 

We assume that A is valuation sound with respect to some valuation V. By 
induction the result A\ of the recursive call is valuation sound with respect to 
V c n . We show that A' is valuation sound with respect to V4 ■ 

We begin with the states (p, 0,c, a). Take a transition ((p, (), c, a), b, Q). 

Then there is some (p',a') E Push(p,a,b) such that h(p') QA\. From the 
soundness of A\ we know for all w with w E V£ ^(q) for all q E Q we have 

a'w E V c ()ipi(Ii(p')). Since (p',a'w) ^ (p,abw) we have (p,abw) satisfies <pi 

and hence bw E V-£ (p, (), c, a) and the transition is sound. 

Ovi _ 

For the remaining states, take a new transition ((p, 0(pi, c), a, Q). There are 
three cases. 



If the transition was derived from some (p 1 , a') E Pop(p) and the run Ii (p') > 

Q, then suppose for some w, w E V£ (q) for all q E Q. By valuation soundness of 
A\ we know a! aw E (ii(p')) and hence, since there is a transition {p' , a' aw), 
a configuration satisfying ipi, to (p, aw) we obtain aw G 1^ (p, 0<£>i,c) as re- 
quired. 



If the transition was derived from some (p',a') E Rew(p,a) and the run 
h(p') Q, then suppose for some w, w E V^^(q) for all q E Q. By valuation 
soundness of A\ we know a'w E (I\ (p')) and hence, since there is a transition 
(p', a'w), a configuration satisfying <pi, to (p, aw) we obtain aw £ (p, Qtpi, c) 
as required. 

Finally, if Q = {(p, (>, c, a)} then soundness is immediate from the definition 

ofV^ . 

Ovi 

Lemma 3 (Valuation Completeness). The algorithm is V -complete. 
Proof. Case BackBox( A, y>i,c, P): 

We are given that A is valuation complete with respect to some valuation V, 
and by induction we have completeness of the result Ai of the recursive call with 
respect to V° . We show A' is complete with respect to V£ . 

As in the soundness proof, we begin with the states (p, Oipi, c, a). In the 
case Push(jo, a, b) = for some 6, we either have 6 =_L and the transition from 

(p, Dipi, c, a) to 1 9/ 1 witnesses completeness, or we have a and the transition 

to {q*} witnesses completeness. 

Otherwise Push(p,a,b) = {(pi, ai), . . . , (p„, a„)}. Take some 6w such that 
a&w £ (p, D^i, c, a). Then we have ajw E (pj, tpi, c) for all 1 < j < n. 

From completeness of A\ we have a transition I\(pj) — Qj with w G V£ (q) 

for all q E Qj. Hence, we have a complete ^-transition from (p, Oipi, c, a) as 
required. 
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For the states of the form (p, Dipi , c) we first deal with the case when for all b 
we have Pre(p, a, b) — 0. In this case we immediately have transitions witnessing 
completeness. 

Otherwise, take some abw G (p, 0(pi, c). Then, for all (p',a') G Pop(p), 
we have a' abw G (ii(p')); and for all (p',a') G Rew(p,a) we have a'bw G 
(Ii(p')); and for all (p',a') G Push(p,a,b) we have a'w G V^j h(p')- From 

completeness of Ai we have a complete run -Zi(p') Q' Q for each fp', a') G 

Ax Ax 

Pop(p) and a complete run h(p') Q for each (p',a') G Rew(p,a). Since 

Ai 

we know 6w G (p, □</?!, c, a) there must be some complete transition from 
(p, Oipi, c) as required. 

The only case not covered by the above is the case _I_G (p,D,<pi,c). 
In this case there are no push transitions reaching this configuration. That is 
Push(p, ±,b) = for all b. Note also that we equated all (p, D<pi,c, _L) with qj. 
Hence, from the pop and rewrite cases above, and that (p, Dipi, c, _L) = we 
have completeness as required. 

Case BackDiamond(A,<fii,c,¥): 

We are given that A is valuation complete with respect to some valuation V , 
and by induction we have completeness of the result A\ of the recursive call with 
respect to V^. We show A' is complete with respect to V£ . There are three 
cases. 

Assume some aw such that aw G (p, <Vi, c) by virtue of some (p', a') G 
Pop(p) such that we have (p',a'aw) G (Ti(p')). By completeness of A\ we 

have a run h(p') Q such hat for all q G Q, w G (q). Hence, the 

transition {{p, (}(fii, c), a, Q) witnesses completeness. 

Otherwise, take some aw such that aw G V£ (p, O^i; c ) from some (p', a') G 
v^i 

Rew(p,a) such that we have (p',a'w) G (7i(p')). By completeness of A\ 
we have a run ii(p') Q such that for all g G Q, w G (q). Hence, the 
transition ((p, ()<pi, c), a, Q) witnesses completeness. 

Finally, take some afrit; such that abw G (p, 0</?i, c) from some (p', a') G 
Push(p,a,b) such that we have (p\a'w) G ^^(-^(p')). By completeness of 

yli we have a run Ii(p') Q such that for all g G Q, w G (g). Hence, 

v ' Ax -it; q Vi \iy 

the transitions ((p, Cvi, c), a, {(p, 0, c, a)}) and ((p, <></?i, c, a), a, Q) witness com- 
pleteness. 
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6 Conclusion and Future Work 



In previous work, we have introduced a saturation method for directly computing 
the denotation of a modal ^-calculus formula over the configuration graph of 
a pushdown system. Here, we have shown how to extend this work to allow 
backwards modalities. 
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